I have a FORM in which I want the user to compose an SQL select statement such as
select * from user_constraints where constraint_type in ('R', 'P') order by
constraint_name
and the action points to a JSP page contained in Tomcat 4.1.12. The page has no Java
code but JSTL tags to handle the request and displays the result in an HTML table. The
problem is that if the select SQL string contains any single quote like the one above,
I am getting the following error message:
org.apache.jasper.JasperException:
select * from user_constraints where constraint_type in ('R', 'P') order by
constraint_name
: ORA-00911: invalid character
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:246)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:289)
...
But it is a completely correct SQL string! Only after being bothered by it for several
days did I realize that HTTP escapes the single quote ('), so the string that gets sent to
the JSP page is
select * from user_constraints where constraint_type in ('R', 'P')
order by constraint_name
and it is forwarded to the <sql:query> tag for processing.
Now the question is, should Tomcat recover the escaped ' before it sends the string for
processing, just as the browser does?
For now, I am going to do that with some Java code.
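An added example, not part of the original post: a Java helper of the kind the writer mentions, which decodes character references in the submitted parameter in a single pass and then accepts only one SELECT statement. It assumes the escaped quote arrives as &#039; (the post does not show the escaped form; this is what JSTL's <c:out> emits with its default escapeXml="true"), and the class and method names are hypothetical.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example: hypothetical helper, not code from the original post.
public class SqlParamDecoder {
    // One pass over numeric (&#039; &#x27;) and the five XML named references,
    // so "&amp;#039;" decodes once to the text "&#039;" and not to a quote.
    private static final Pattern REF =
            Pattern.compile("&(#x[0-9a-fA-F]{1,6}|#[0-9]{1,7}|apos|quot|lt|gt|amp);");

    public static String decodeEntities(String s) {
        Matcher m = REF.matcher(s);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            m.appendReplacement(out, Matcher.quoteReplacement(resolve(m.group(1), m.group())));
        }
        m.appendTail(out);
        return out.toString();
    }

    private static String resolve(String name, String whole) {
        if (name.equals("apos")) return "'";
        if (name.equals("quot")) return "\"";
        if (name.equals("lt")) return "<";
        if (name.equals("gt")) return ">";
        if (name.equals("amp")) return "&";
        int cp = name.startsWith("#x") ? Integer.parseInt(name.substring(2), 16)
                                       : Integer.parseInt(name.substring(1));
        return Character.isValidCodePoint(cp) ? new String(Character.toChars(cp)) : whole;
    }

    // Coarse gate for a form that accepts whole statements: one SELECT, no
    // statement separator or comment marker. The database account's
    // privileges remain the real limit on what a submitted query can read.
    public static boolean isSingleSelect(String sql) {
        String t = sql.trim();
        return t.length() > 7 && t.regionMatches(true, 0, "select", 0, 6)
                && Character.isWhitespace(t.charAt(6))
                && t.indexOf(';') < 0 && !t.contains("--") && !t.contains("/*");
    }

    public static void main(String[] args) {
        // Constructed input: the query from the post with ' written as &#039;.
        String raw = "select * from user_constraints where constraint_type in "
                + "(&#039;R&#039;, &#039;P&#039;) order by constraint_name";
        String sql = decodeEntities(raw);
        System.out.println(sql + "\nallowed=" + isSingleSelect(sql));
    }
}
```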